remark - allow HTTP from world to instance LAX1:210
permit tcp any host 18.104.22.168 eq 80
remark - allow 40000-41000 ports from VLAN LAX1:2071 (subnet of 256 IPs)
permit udp 22.214.171.124 0.0.0.255 any range 40000 41000
remark - allow SSH from world
permit tcp any any eq 22
remark - allow all traffic (all source and destination ports) from 126.96.36.199 to the whole VLAN
permit tcp 188.8.131.52 any
Formerly, ACLs were set and modified through the AppNexus support team. Now you can set and modify them yourself using parameters in the manage-vlan CLI tool:
In addition to ACEs, you can place remarks (comments) in ACLs. Remarks are usually used to document the ACL and make it easier to understand. For example:
remark - allow SSH from world
permit tcp any any eq 22
Note that if you need to open SNMP to your instances/VLANs from beyond the AppNexus network, it is not enough to open port 161 via manage-vlan, as we also need to open an ACL on our border routers as well. Please open a Support ticket requesting this.
NOTE: The set-acl and append-acl commands will validate ACEs for syntactical correctness, but will not look at the overall ACL to see if it makes functional sense. Processing of ACLs stops when an ACE/rule is matched.
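The functional check that the NOTE says set-acl and append-acl do not perform can be done offline before submitting an ACL. The following is an added example, not AppNexus code or part of manage-vlan: it evaluates an ACL first-match and reports ACEs that an earlier ACE covers entirely. It assumes only the address forms `any`, `host IP` and `IP WILDCARD`; the `deny` keyword and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def parse_addr(tok):
    """Consume 'any', 'host IP' or 'IP WILDCARD' (contiguous wildcards only)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]  # hostmask form

def parse_acl(text):
    acl = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tok = line.split()
        if tok[0] == "remark":
            continue  # remarks are comments, not rules
        src, rest = parse_addr(tok[2:])
        dst, rest = parse_addr(rest)
        lo, hi = 0, 65535  # no port qualifier means all ports
        if rest[:1] == ["eq"]:
            lo = hi = int(rest[1])
        elif rest[:1] == ["range"]:
            lo, hi = int(rest[1]), int(rest[2])
        acl.append(dict(action=tok[0], proto=tok[1], src=src, dst=dst,
                        lo=lo, hi=hi, text=line))
    return acl

def first_match(acl, proto, src, dst, dport):
    """Return the first ACE matching the packet; processing stops there."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for a in acl:
        if (a["proto"] == proto and s in a["src"] and d in a["dst"]
                and a["lo"] <= dport <= a["hi"]):
            return a
    return None  # no ACE matched; the default action is not stated on the page

def shadowed(acl):
    """Pairs (later, earlier) where one earlier ACE covers the later one entirely."""
    def covers(e, l):
        return (e["proto"] == l["proto"] and l["src"].subnet_of(e["src"])
                and l["dst"].subnet_of(e["dst"]) and e["lo"] <= l["lo"] <= l["hi"] <= e["hi"])
    return [(l["text"], e["text"]) for i, l in enumerate(acl)
            for e in acl[:i] if covers(e, l)]

# Constructed sample ACL: documentation addresses; `deny` is an assumed keyword.
SAMPLE = """remark - allow SSH from world
permit tcp any any eq 22
remark - meant to block one subnet, but the ACE above matches first
deny tcp 198.51.100.0 0.0.0.255 any eq 22
permit tcp any host 192.0.2.10 eq 80"""
ACL = parse_acl(SAMPLE)
```

Each line of this ACL is syntactically valid, yet `shadowed(ACL)` flags the `deny` ACE as unreachable because SSH from that subnet already matches the broader `permit` above it.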